2011.06.08 TRIAL Day Thirteen (Morning Session)

[wenwe4]

Sandra Osborne-OCSO 21 years this year - computer

patrol, crime scene, sex crimes, child abuse, homicide and now computer crimes

college business degree - 700 hours training and 2 certifications for forensic computer examiner ...IASIS certification process ....2 week classroom...peer review phase.....practical exam problems....100 question practical knowledge exam successful completed.....classroom instruction and proficiency tests.....computer forensic exam...basic computers...where to locate on computer ..document those finding accurately

practical experience - several hundred exams..computers/cell phone/pda - anything with a digital file....expert witnesss in OC in FL - explained issues re: computer forensics.....no object - expert witness in area of forensic computer anaylsis

title? Detective Osborne.....received several items in disappearance of Caylee...first item cell phone belong to kc, envelope - label, reseal package, date and initials confirmed....item inside Nokia cell phone (is this the missing Nokia cell?)....received into evidence....forensic applications to utilize to retrieve data from cell ...process available ...cellbrite - tool ...able to give reliable data premier in field...contact list, text, incoming outgoing, voice message, audio and pic files, anything phone does......service provider can extract data can be hampered.....manufacturer of phone doesn't allow 3rd party tool....plug in port could be disabled from software....some data not available on that particular phone.....cellbrite updates software periodically...receive phone look for ZFG locate? initial data extrated contact list and music files...limits of cellbrite was not capable of fully extracting data on the phone....sim card little card chip allows phone to connect to network....sim cards interchangable in different phones attempt to contact ....don't recall if sim card was in kc's phone - look @ report to refresh recollect for sim card....it did have a sim card...use different forensic applications other cellbrite to retrieve data from sim card? put sim card into cellbrite device.....sim card have any more info than the cellbrite extractions from the cell? simcard was same info as device.....locate any info about ZFG? didn't notice any.....not her function ....didn't see any but she handed data extracted to detectives in the case....cellbrite does nice job in reporting data that is easy to read...eventually received other evidence items to initially locate ZFG....computer, laptop computer....from Det. Beasely brought in laptop serial #, desktop computer serial number# HP home computer....received this computer from Awilda McBride from missing persons unit - on 7/17/08 1:30 pm....laptop received on 7/16/08 8:00 pm ....cameras? yes....polaroid T730 digital camera 7/17/08 and Nikon coolpix on 7/21/08.....forensic tool to examine camera - endcase by guidance software - digital camera...didn't plug Nikon camera but pulled the SD card into the adapter and used endcase to view contents of the card.....locate any video files of Caylee? yes....using that tool able to determine date of video files generated....dates on the files from Nikon coolpix 6/15/08 - reviewed the video....video from nursing facility....appeared to be yes....date and time accurate when actual image was captured....most cameras or videocameras will imbed information date and time of pic taken. gps coordinates if it is a newer device ....shutter speed, etc.....Nikon coolpix ....date and time setting the camera set to @ the time video was taken....when she received it compared date and time setting w/current date and time 7/21/08 10:54 am, and setting on camera 7/21/08 10:56 am - 2 min difference....

laptop received from Det. Beasley....what condition was it when provided? on/off?
laptop was? doesn't recall if powered on or off @ time received it....make a difference for retrieving data? document condition @ the time....word doc open, on the internet...power it down and remove the battery.....methodology to make sure it is off before any attempt to retrieve data? Yes in lab setting power it off and remove hard drive from the machine...

Desktop floor model - HP 520 N...hard drive 160 gigbytes ....item powerd down not on @ time of receipt...different tools evaluate contents of computer vs....used the endcase software....standard tool in industry....don't know when endcase started ....she's been using since 2006..a dacade or more....industry standard reliable software tool...

endcase tool can examine every bit every zero and every one on the harddrive....whether user can see that info or not.....what did with HP to ensure data as it existed was not changed/altered standard practice to maintain evidence as received....harddrive ...condition of computer removed....rightblocker....prevents forensic machine from taking ahold of it....don't want that to happen....windows wants to reach out and touch others....right blocker holds that original harddrive....put the orig. back into evidence and work on the copy that right blocker made.....returned hard drive .....she stored data on another hard drive and brought with today

with a cellphone ....

15 min recess

 

[coloradoteacher]

has anyone else read the Hinky Meter's consciousness of guilt post regarding the computer and the evidence that the firefox computer information was deleted during the time when YM told casey to get her cell phone records from the desktop, showing ICA knew there was incriminating evidence on there? fascinating... I hope the SA brings this in...
Here's the link: http://www.thehinkymeter.com/2011/06/06/caylee-anthony-case-consciousness-of-guilt/

 

[Chiquita71]

it did have a SIM card yes

LDB: other than cell bright to get data?

a process of removing the car and instruct the cell bright devise that recognizes the SIM card and report it for you.

LDB: did the SIM card have info other than physical phone itself?

the SIM card was same as device

LDB: with that info at that time, was there any info regarding ZFG

I didn't notice but it is not my function to know what was looking for. I get info and give.

LDB: you reduce it to a report or format?

the cell bright does a nice job in a nice web based report that is readable.

LDB: did you receive other items to locate ZFG?

I did

LDB: computers?

yes

LDB: lap top computer?

I did

LDB: who from?

Det. Beasley a lap top

LDB: serial number you remember?

my report will reflect(looking at notes) the serial number is (gives number)

LDB: receive desk top computer as well?

a floor model yes I did

LDB: serial number?

HP mxm410hyl

LDB: who did you receive that computer from?

Wilda McBride: missing persons

LDB: date and time?

July 17th 2008 at 1:30 pm

LDB: lap top

Beasely July 16th 2008 8 pm in evening

LDB: cameras?

I did

LDB: kind?

poleroid D17 camera, a nikon cool pics camera

LDB: are there forensic applications to determine the contents of camera?

forensic tool to examine

LDB: nikon cool pics?

guidance soft ware

LDB: what info does that provide off of camera?

I did not plug in nikon camera into Incase, I pulled the card that had files and put SD card into adapter to view contents of card

LDB: able to

yes

LDB: any files of Caylee Anthony

yes

LDB: date the video was generated?

yes

LDB: dates?

the dates on the files June 15th 2008

LDB: review video?

yes

LDB: nursing video?

yes

LDB: how do you know date and time is right?

most cameras today inbed in each file info about itself. the make and model of camera, date and time. GPS if more advanced where picture was taken, shutter speed, the info on this Nikon gave me into: the model and date and time

LDB: when you received the camera did you make an assessment re: the date and time?

I compared the dates and time to current time. It was july 21 2008 at 10 54 in morning and the setting on the clock itself so there was a two minute difference.

LDB: the lap top, what condition was it in when provided. on? off?

I believe that camera was off, the lap top(checking report) I don't recall if that item was powered on or off when I received it.

LDB: does that make a difference to you?

as far as retriveing data? no, I will remove the battery. I document the condition of the machine if running, is a word doc open...I will make a note before I power it down.

LDB: when performing an examination is it your methodology to make sure it is off before attempt to retrieve info?

in a lab setting, yes power down and retrieve the hard drive

LDB: when you received the desk top what?

(gives numbers)

LDB: how large is hard drive?

160 gig

LDB: ?

powered down

LDB: tools you use to evaluate computer?

I used the (NK) software

LDB: NK used for a long time?

it is a standard

LDB: how long utilized?

I have been using it since 2006. A decade or more?

LDB: NK is reliable?

it is an industustry standard

LDB: you told us about cell bright. what do you get through NK?

every bit on the hard drive. every zero and every "one". it looks at all info on hard drive.

LDB: what did you do with HP to insure the data as it existed was not changed altered or corrupted?

standard practice to protect original info. after docmenting condition of computer. I attached it to the right blocker, it prevents my machine from taking a hold of that drive and making changes, I don't want files to change or my machine to do that, I connect it to a blocker in a read only mode and put original away and work with copy.

LDB: orignial drive?

back in evidence

LDB: ?

hard drive is returned to family

LDB: before returned what do you do to make sure you have access to data?

the NK file I get the original drive is preserved, I have in court today.

LDB: you don't necessarily look at the data?

with a cell phone I hand over to investigators

LDB: as far as computer you do evaluate the data from hard drive?

correct

HHJP: taking a recess 15 minutes.

 

[Intermezzo]

she KNOWS what was on those devices and she knows it is NOT going to help her. JMHO

IMO she is thinking how she and Baez are going to blame George or someone else for those searches..

 

[Harmony 2]

<<<<<<<<<< Side Bar Thread >>>>>>

[ame="http://www.websleuths.com/forums/showthread.php?t=138995"]2011.06.08 Sidebar (Trial Day Thirteen) - Websleuths Crime Sleuthing Community[/ame]

 

[fifteen89]

LOL. I just looked at the clock 10 minutes ago and thought wow, no break yet!

 

[Aedrys]

Gee Casey, are you wishing you had stayed off the computer and cellphone now? A bit late for that! I just want to thank you for being so dumb with those two things.

 

[Quiche]

I think some of the jurors may be freaked out about how much can be known about you on these devices... I know I was.

 

[Searchfortruth]

Most defense atty's will try to attack chain of custody (in computer forensics cases), but with this witness I am sure she has her bases covered.

 

[songline]

I hope I put his in the right thread.

TODAY IN 2 MINUTES (on TODAY show)
[ame="http://www.msnbc.msn.com/id/36740125/vp/34328514#43323449"]TODAY Video Player[/ame]

 

[QB.]

I can't wait for cross.....coming from a guy who can't facilitate a secure server for autopsy photos....and who used his laptop during jury selection in a non secure manner.

Apparently JB was shocked when someone in the media linked in to his wi-fi signal....meaning NON SECURE.

That happened?!

 

[nursebeeme]

<<<<<<<<<< Side Bar Thread >>>>>>

2011.06.08 Sidebar (Trial Day Thirteen) - Websleuths Crime Sleuthing Community

bumpity bump... doors are closing...

 

[Linda7NJ]

Geeez Mason was staggering around at the end like a lost puppy

 

[jane the dood]

just interesting to note that there are two verizon employees and one computer guy on the jury ;-)

Ahhhh! The plot thickens!

 

[nursebeeme]

[ame="http://www.websleuths.com/forums/showthread.php?t=138995"]2011.06.08 Sidebar (Trial Day Thirteen) - Websleuths Crime Sleuthing Community[/ame] move on over to the sidebar... doors are closing in 5...4...3.....2.....1.....

 

[nursebeeme]

bumping up...... all rise

 

[laniefi]

It's a good day to be a ***geek*** kids!

From a former CIO and current Director of IT!

I love my fellow computer nerds! ((((HUGS))))

 

[pjmale]

On IS they are saying the SA may call Leonard Padilla.

 

[liltexans]

During break Cindy lays her head on George's shoulder. #CaseyAnthony -fell

by cfnews13casey via twitter 6/8/2011 2:33:16 PM at 9:33 AM

 

[stilettos]

This witness is a tough one...ICA's lies would not have made it past day 1 with this lady.